[ 151.278245][ T42] audit: type=1400 audit(1595266013.286:41): avc: denied { map } for pid=8775 comm="bash" path="/bin/bash" dev="sda1" ino=1457 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:file_t:s0 tclass=file permissive=1 Warning: Permanently added '[localhost]:62133' (ECDSA) to the list of known hosts. [ 154.284807][ T42] audit: type=1400 audit(1595266016.296:42): avc: denied { map } for pid=8787 comm="syz-fuzzer" path="/syz-fuzzer" dev="sda1" ino=16526 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:file_t:s0 tclass=file permissive=1 2020/07/20 17:26:56 fuzzer started 2020/07/20 17:26:57 dialing manager at 10.0.2.10:36075 2020/07/20 17:26:57 syscalls: 3205 2020/07/20 17:26:57 code coverage: enabled 2020/07/20 17:26:57 comparison tracing: enabled 2020/07/20 17:26:57 extra coverage: enabled 2020/07/20 17:26:57 setuid sandbox: enabled 2020/07/20 17:26:57 namespace sandbox: enabled 2020/07/20 17:26:57 Android sandbox: /sys/fs/selinux/policy does not exist 2020/07/20 17:26:57 fault injection: enabled 2020/07/20 17:26:57 leak checking: CONFIG_DEBUG_KMEMLEAK is not enabled 2020/07/20 17:26:57 net packet injection: enabled 2020/07/20 17:26:57 net device setup: enabled 2020/07/20 17:26:57 concurrency sanitizer: /sys/kernel/debug/kcsan does not exist 2020/07/20 17:26:57 devlink PCI setup: PCI device 0000:00:10.0 is not available 2020/07/20 17:26:57 USB emulation: enabled [ 155.171651][ T42] audit: type=1400 audit(1595266017.186:43): avc: denied { integrity } for pid=8803 comm="syz-executor" lockdown_reason="debugfs access" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 17:27:41 executing program 0: [ 199.265994][ T42] audit: type=1400 audit(1595266061.266:44): avc: denied { map } for pid=8807 comm="syz-executor.0" path="/sys/kernel/debug/kcov" dev="debugfs" ino=3113 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=system_u:object_r:debugfs_t:s0 tclass=file permissive=1 17:27:41 executing program 1: 17:27:41 executing program 2: [ 200.179075][ T8810] IPVS: ftp: loaded support on port[0] = 21 [ 200.179546][ T8809] IPVS: ftp: loaded support on port[0] = 21 17:27:42 executing program 3: [ 200.553259][ T8812] IPVS: ftp: loaded support on port[0] = 21 [ 200.796083][ T8810] chnl_net:caif_netlink_parms(): no params data found [ 200.856960][ T8809] chnl_net:caif_netlink_parms(): no params data found [ 201.014982][ T8816] IPVS: ftp: loaded support on port[0] = 21 [ 201.092606][ T8810] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.116951][ T8810] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.155672][ T8810] device bridge_slave_0 entered promiscuous mode [ 201.204719][ T8810] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.229439][ T8810] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.253769][ T8810] device bridge_slave_1 entered promiscuous mode [ 201.312492][ T8809] bridge0: port 1(bridge_slave_0) entered blocking state [ 201.340794][ T8809] bridge0: port 1(bridge_slave_0) entered disabled state [ 201.372594][ T8809] device bridge_slave_0 entered promiscuous mode [ 201.404228][ T8809] bridge0: port 2(bridge_slave_1) entered blocking state [ 201.418517][ T8809] bridge0: port 2(bridge_slave_1) entered disabled state [ 201.441537][ T8809] device bridge_slave_1 entered promiscuous mode [ 201.494949][ T8809] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.526819][ T8809] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.568712][ T8810] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 201.596875][ T8812] chnl_net:caif_netlink_parms(): no params data found [ 201.648839][ T8809] team0: Port device team_slave_0 added [ 201.675006][ T8810] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 201.725388][ T8809] team0: Port device team_slave_1 added [ 201.799972][ T8810] team0: Port device team_slave_0 added [ 201.823930][ T8809] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 201.841275][ T8809] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 201.908065][ T8809] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 201.947544][ T8810] team0: Port device team_slave_1 added [ 201.975317][ T8809] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 201.990949][ T8809] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.055105][ T8809] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 202.097660][ T8810] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 202.116602][ T8810] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.184094][ T8810] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 202.225425][ T8810] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 202.244491][ T8810] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 202.315221][ T8810] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 202.353814][ T8812] bridge0: port 1(bridge_slave_0) entered blocking state [ 202.379521][ T8812] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.401319][ T8812] device bridge_slave_0 entered promiscuous mode [ 202.429925][ T8812] bridge0: port 2(bridge_slave_1) entered blocking state [ 202.445096][ T8812] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.462883][ T8812] device bridge_slave_1 entered promiscuous mode [ 202.544532][ T8809] device hsr_slave_0 entered promiscuous mode [ 202.620885][ T8809] device hsr_slave_1 entered promiscuous mode [ 202.760313][ T8812] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 202.832890][ T8810] device hsr_slave_0 entered promiscuous mode [ 202.900036][ T8810] device hsr_slave_1 entered promiscuous mode [ 202.960071][ T8810] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 202.974537][ T8810] Cannot create hsr debugfs directory [ 202.995054][ T8812] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 203.030068][ T8816] chnl_net:caif_netlink_parms(): no params data found [ 203.086905][ T8812] team0: Port device team_slave_0 added [ 203.107450][ T8812] team0: Port device team_slave_1 added [ 203.161737][ T8812] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 203.174651][ T8812] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.227659][ T8812] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 203.283763][ T8812] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 203.307639][ T8812] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 203.365785][ T8812] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 203.563610][ T8812] device hsr_slave_0 entered promiscuous mode [ 203.630726][ T8812] device hsr_slave_1 entered promiscuous mode [ 203.700330][ T8812] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 203.718316][ T8812] Cannot create hsr debugfs directory [ 203.752346][ T8816] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.777278][ T8816] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.796442][ T8816] device bridge_slave_0 entered promiscuous mode [ 204.017048][ T8816] bridge0: port 2(bridge_slave_1) entered blocking state [ 204.039187][ T8816] bridge0: port 2(bridge_slave_1) entered disabled state [ 204.065189][ T8816] device bridge_slave_1 entered promiscuous mode [ 204.238111][ T8816] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 204.274392][ T42] audit: type=1400 audit(1595266066.276:45): avc: denied { create } for pid=8809 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 204.372902][ T8809] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 204.429922][ T42] audit: type=1400 audit(1595266066.286:46): avc: denied { write } for pid=8809 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 204.429942][ T42] audit: type=1400 audit(1595266066.306:47): avc: denied { read } for pid=8809 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=netlink_generic_socket permissive=1 [ 204.673088][ T8816] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 204.784632][ T8809] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 204.907735][ T8809] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 205.016673][ T8816] team0: Port device team_slave_0 added [ 205.076811][ T8809] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 205.193140][ T8816] team0: Port device team_slave_1 added [ 205.222760][ T8810] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 205.319557][ T8810] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 205.428919][ T8810] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 205.509524][ T8810] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 205.626760][ T8816] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 205.641667][ T8816] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.695036][ T8816] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 205.723231][ T8816] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 205.735695][ T8816] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 205.784216][ T8816] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 205.947992][ T8816] device hsr_slave_0 entered promiscuous mode [ 206.030288][ T8816] device hsr_slave_1 entered promiscuous mode [ 206.090551][ T8816] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 206.113002][ T8816] Cannot create hsr debugfs directory [ 206.152384][ T8812] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 206.221053][ T8812] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 206.325598][ T8812] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 206.454324][ T8812] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 206.714849][ T8816] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 206.798730][ T8816] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 206.911768][ T8810] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.933724][ T8816] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 206.992895][ T8816] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 207.066781][ T8809] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.114577][ T8810] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.136761][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.178980][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.199525][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.217658][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.253614][ T8809] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.281578][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.299348][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.318484][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.339392][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.367962][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 207.390136][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 207.412180][ T28] bridge0: port 1(bridge_slave_0) entered blocking state [ 207.430125][ T28] bridge0: port 1(bridge_slave_0) entered forwarding state [ 207.452156][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 207.481915][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 207.517136][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.537917][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.558748][ T8835] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.576404][ T8835] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.600800][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.623497][ T8812] 8021q: adding VLAN 0 to HW filter on device bond0 [ 207.643501][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 207.664885][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 207.683570][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 207.703153][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 207.738264][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 207.766276][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.788081][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 207.806552][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 207.831416][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 207.849151][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 207.864784][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 207.884828][ T8812] 8021q: adding VLAN 0 to HW filter on device team0 [ 207.901074][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 207.916123][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 207.935653][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 207.955674][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 207.972235][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.003127][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.042209][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.075314][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 208.103610][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 208.130114][ T8833] bridge0: port 1(bridge_slave_0) entered blocking state [ 208.147629][ T8833] bridge0: port 1(bridge_slave_0) entered forwarding state [ 208.162330][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.184487][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.212713][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 208.241840][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 208.274081][ T8810] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.313484][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.339146][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.366633][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 208.401675][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 208.419061][ T28] bridge0: port 2(bridge_slave_1) entered blocking state [ 208.434492][ T28] bridge0: port 2(bridge_slave_1) entered forwarding state [ 208.450822][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 208.489226][ T8809] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 208.516382][ T8809] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 208.553108][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 208.567971][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.585283][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.604090][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.621692][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 208.641513][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 208.658331][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 208.673964][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.688158][ T8833] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 208.712043][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 208.729414][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 208.747569][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 208.765570][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 208.791337][ T8809] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 208.810951][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 208.827820][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 208.846296][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 208.864231][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 208.884348][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 208.905213][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 208.929199][ T8816] 8021q: adding VLAN 0 to HW filter on device bond0 [ 208.958456][ T8812] IPv6: ADDRCONF(NETDEV_CHANGE): hsr0: link becomes ready [ 208.981092][ T8810] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.002693][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1: link becomes ready [ 209.018713][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0: link becomes ready [ 209.054623][ T8816] 8021q: adding VLAN 0 to HW filter on device team0 [ 209.089515][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 209.120758][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 209.154139][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bridge: link becomes ready [ 209.179350][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 209.199061][ T3232] bridge0: port 1(bridge_slave_0) entered blocking state [ 209.218502][ T3232] bridge0: port 1(bridge_slave_0) entered forwarding state [ 209.254715][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): bridge0: link becomes ready [ 209.280929][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 209.298600][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 209.317229][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 209.337551][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 209.368441][ T8812] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 209.391916][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bridge: link becomes ready [ 209.408842][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_1: link becomes ready [ 209.426761][ T2855] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.444296][ T2855] bridge0: port 2(bridge_slave_1) entered forwarding state [ 209.464052][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_bond: link becomes ready [ 209.502877][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 209.518975][ T13] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 209.533905][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 209.553199][ T8838] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 209.583250][ T8809] device veth0_vlan entered promiscuous mode [ 209.596413][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_bond: link becomes ready [ 209.631130][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_team: link becomes ready [ 209.652959][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_0: link becomes ready [ 209.669187][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_team: link becomes ready [ 209.690392][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): team_slave_1: link becomes ready [ 209.706036][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_hsr: link becomes ready [ 209.722869][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_0: link becomes ready [ 209.739135][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 209.759037][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 209.777793][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_hsr: link becomes ready [ 209.794777][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): hsr_slave_1: link becomes ready [ 209.813201][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): team0: link becomes ready [ 209.834401][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 209.855581][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 209.880235][ T8810] device veth0_vlan entered promiscuous mode [ 209.910472][ T8809] device veth1_vlan entered promiscuous mode [ 209.951021][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 210.005961][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 210.061960][ T8810] device veth1_vlan entered promiscuous mode [ 210.113085][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan1: link becomes ready [ 210.168683][ T2855] IPv6: ADDRCONF(NETDEV_CHANGE): vxcan0: link becomes ready [ 210.250540][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 210.298628][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 210.354880][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 210.396136][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 210.439463][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 210.469381][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 210.496381][ T8816] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 210.529462][ T8812] device veth0_vlan entered promiscuous mode [ 210.554750][ T8809] device veth0_macvtap entered promiscuous mode [ 210.587398][ T8809] device veth1_macvtap entered promiscuous mode [ 210.641711][ T8809] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.673627][ T8834] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 210.699126][ T8834] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 210.721119][ T8834] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 210.751420][ T8834] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 210.793032][ T8812] device veth1_vlan entered promiscuous mode [ 210.825254][ T8809] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 210.856998][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan0: link becomes ready [ 210.890725][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): macvlan1: link becomes ready [ 210.923367][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 210.974253][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 211.027152][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 211.064654][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 211.113981][ T8810] device veth0_macvtap entered promiscuous mode [ 211.156486][ T8810] device veth1_macvtap entered promiscuous mode [ 211.191996][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 211.237750][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_virt_wifi: link becomes ready [ 211.277777][ T8835] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_virt_wifi: link becomes ready [ 211.513243][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready [ 211.540050][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 211.562910][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_vlan: link becomes ready [ 211.593150][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_vlan: link becomes ready [ 211.616995][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan0: link becomes ready [ 211.633857][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): vlan1: link becomes ready [ 211.655635][ T8812] device veth0_macvtap entered promiscuous mode [ 211.731321][ T8816] device veth0_vlan entered promiscuous mode [ 211.755069][ T8810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 211.778589][ T8810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 211.797755][ T8810] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 211.813595][ T8812] device veth1_macvtap entered promiscuous mode [ 211.832356][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 211.848042][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): macsec0: link becomes ready [ 211.861754][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 211.877024][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 212.010611][ T8810] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 212.017501][ T42] audit: type=1400 audit(1595266074.026:48): avc: denied { associate } for pid=8809 comm="syz-executor.0" name="syz0" scontext=unconfined_u:object_r:unlabeled_t:s0 tcontext=system_u:object_r:unlabeled_t:s0 tclass=filesystem permissive=1 [ 212.057558][ T8810] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.192166][ T8810] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 212.262922][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 212.294715][ T8836] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 212.318547][ T8816] device veth1_vlan entered promiscuous mode [ 212.484662][ T8809] cgroup: cgroup: disabling cgroup2 socket matching due to net_prio or net_cls activation [ 212.579306][ T8812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 212.616236][ T8812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 212.670535][ T8812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 212.756300][ T8812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! 17:27:54 executing program 0: perf_event_open(&(0x7f0000000180)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1fc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x400000000001, 0x0) close(r0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00', 0x2, 0x0) read$midi(r1, &(0x7f0000000280)=""/4089, 0xff9) r2 = open(&(0x7f00000000c0)='./bus\x00', 0x143042, 0x0) r3 = creat(&(0x7f0000000140)='./bus\x00', 0x0) ftruncate(r3, 0x48280) sendfile(r0, r2, 0x0, 0x200fff) sendmsg$NLBL_UNLABEL_C_STATICREMOVEDEF(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000200)={&(0x7f0000000100)={0x1c, 0x0, 0x400, 0x0, 0x25dfdbfe, {}, [@NLBL_UNLABEL_A_IPV4ADDR={0x8, 0x4, @loopback}]}, 0x1c}, 0x1, 0x0, 0x0, 0x4000800}, 0x20000800) [ 212.875481][ T8812] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 213.091545][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 213.133022][ T42] audit: type=1400 audit(1595266075.106:49): avc: denied { open } for pid=8841 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 213.161466][ T3232] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 213.289374][ T42] audit: type=1400 audit(1595266075.106:50): avc: denied { perfmon } for pid=8841 comm="syz-executor.0" capability=38 scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=capability2 permissive=1 [ 213.345841][ T8812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 213.498803][ T42] audit: type=1400 audit(1595266075.106:51): avc: denied { kernel } for pid=8841 comm="syz-executor.0" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=perf_event permissive=1 [ 213.564922][ T8812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.667410][ T42] audit: type=1400 audit(1595266075.106:52): avc: denied { confidentiality } for pid=8841 comm="syz-executor.0" lockdown_reason="unsafe use of perf" scontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tcontext=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 tclass=lockdown permissive=1 [ 213.695371][ T8812] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 213.812358][ T8812] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 213.860831][ T8812] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 213.901056][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 213.957302][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready 17:27:56 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0xc0a85320, &(0x7f0000000100)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) 17:27:56 executing program 0: r0 = syz_usb_connect$uac1(0x0, 0x71, &(0x7f00000001c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0xdc, 0x0, 0x5, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000580)={0x14, 0x0, &(0x7f00000004c0)={0x0, 0x3, 0x4, @string={0x4, 0x3, "0127"}}}, 0x0) [ 214.004582][ T42] audit: type=1800 audit(1595266075.976:53): pid=8842 uid=0 auid=4294967295 ses=4294967295 subj=unconfined_u:system_r:insmod_t:s0-s0:c0.c1023 op=collect_data cause=failed comm="syz-executor.0" name="bus" dev="sda1" ino=16556 res=0 17:27:56 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0xc0a85320, &(0x7f0000000100)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) 17:27:56 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0xc0a85320, &(0x7f0000000100)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) [ 214.316055][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_macvtap: link becomes ready 17:27:56 executing program 1: r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snd/seq\x00', 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r0, 0xc0a85320, &(0x7f0000000100)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) [ 214.371115][ T28] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_macvtap: link becomes ready [ 214.443558][ T8816] device veth0_macvtap entered promiscuous mode [ 214.707672][ T8834] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 215.261125][ T8834] usb 5-1: Using ep0 maxpacket: 32 [ 215.343476][ T2940] IPv6: ADDRCONF(NETDEV_CHANGE): macvtap0: link becomes ready [ 215.386509][ T8816] device veth1_macvtap entered promiscuous mode [ 215.445501][ T8834] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 215.472043][ T8816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.492738][ T8834] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config 17:27:57 executing program 2: r0 = socket(0x10, 0x2, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = dup2(r1, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[@ANYBLOB="2000000014000104000000000000000002"], 0x20}}, 0x0) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x6, 0x0, &(0x7f0000000100), 0x6, &(0x7f0000000100)}], 0x4924924924926dd, 0x0) [ 215.496264][ T8834] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 215.664261][ T8834] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 215.693363][ T8816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.715917][ T8834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.744020][ T8816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.760972][ T8834] usb 5-1: Product: syz [ 215.760981][ T8834] usb 5-1: Manufacturer: syz [ 215.760990][ T8834] usb 5-1: SerialNumber: syz [ 215.828685][ T8816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.857683][ T8816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3d) already exists on: batadv_slave_0 [ 215.879892][ T8816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 215.905469][ T8816] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 215.925813][ T8866] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 215.943042][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_0: link becomes ready [ 215.959436][ T23] IPv6: ADDRCONF(NETDEV_CHANGE): veth0_to_batadv: link becomes ready [ 215.975430][ T8866] netlink: 8 bytes leftover after parsing attributes in process `syz-executor.2'. [ 215.994151][ T8816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 216.022458][ T8816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.045600][ T8816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 216.078298][ T8816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.099397][ T8816] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_1 [ 216.120068][ T8816] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 216.146987][ T8816] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 216.162612][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): batadv_slave_1: link becomes ready [ 216.213430][ T40] IPv6: ADDRCONF(NETDEV_CHANGE): veth1_to_batadv: link becomes ready [ 216.342925][ T8834] usb 5-1: 0:2 : does not exist [ 216.422537][ T8834] usb 5-1: USB disconnect, device number 2 17:27:58 executing program 1: ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000100)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) 17:27:58 executing program 2: r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x0) r2 = io_uring_setup(0xa4, &(0x7f0000000000)={0x0, 0x0, 0x1}) io_uring_enter(r2, 0x0, 0x3f00, 0x3, 0x0, 0xfffffffffffffefa) 17:27:58 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}) [ 217.170729][ T8834] usb 5-1: new high-speed USB device number 3 using dummy_hcd 17:27:59 executing program 0: prctl$PR_SET_PTRACER(0x59616d61, 0xffffffffffffffff) clone(0x80000100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_GET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)={0x24, 0x0, 0x0, 0x0, 0x0, {}, [@TIPC_NLA_SOCK={0x10, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}]}, 0x24}}, 0x0) r0 = gettid() write$sndseq(0xffffffffffffffff, &(0x7f00000000c0)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x140, &(0x7f0000000400)="c4fe91070000000000000022addee07bee6333b5cacd891969b61832cb470c94d61f3514dca771f3321613602c22bee39d365da4a455f4c9fd98ec346760c7bae64d3d00f80a16eba967a568097aa4acd6ecd74d473ff2bdb9693122311ae02ee3d3f8fbe0a10fff4bbaef7cd058ec3a54a90a11c890a73cef2d28533220798a410180000000000000c6fa36cea17bd8d700000000000000003f2623193c8ff31a4502a85559df5fbc21ae2b0927eced002f21edcfdeffaa58466ada5006f7f6dd15d23531189ddfce780a453d7033f38eb1fe49301e13452d9c16e58298751ed9946ee155100e82380fbd5e9a2d53ad556a847ee4d7fb4bcd4804000000de697a30b3e470b43e06ad03c6d0e01d7de7a771fbbec4393e4b72f6f365fb19b0044ebaba124e5c26519dfca5066a83ce20a43ede4290ae884ff9bcfc4cc6260246"}}], 0x1c) wait4(0x0, 0x0, 0x80000000, 0x0) vmsplice(0xffffffffffffffff, &(0x7f0000000100)=[{&(0x7f0000000040)}, {&(0x7f0000000000)="0832f497d38350418e4bb321019511dc5df26e9a0b7ecb6974f527cc14538d1efb1ffe03284f6d33265be9c604b293f20e96beeb2aa4c457ac37a3a3f1ce8682500fcecd80", 0x45}], 0x2, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) tkill(r0, 0x17) ptrace$setregs(0xd, r0, 0x0, &(0x7f0000000080)) ptrace$cont(0x7, r0, 0x0, 0x0) 17:27:59 executing program 2: semop(0x0, &(0x7f0000000000)=[{0x0, 0xffff}, {}], 0x2) semop(0x0, &(0x7f0000000100)=[{0x0, 0xff7f, 0x800}], 0x1) 17:27:59 executing program 1: ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000100)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) 17:27:59 executing program 3: r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000180)='/dev/fb0\x00', 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3f000000}) 17:27:59 executing program 1: ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000100)={0x80, 0x0, 0x0, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2]}) 17:27:59 executing program 2: pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x88002, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'syzkaller1\x00', 0x2}) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r4, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', {0x7, 0x0, @empty}}) r5 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000240)={0x0, 0x8000}, 0x4) write$tun(0xffffffffffffffff, &(0x7f0000000140)={@void, @void, @eth={@broadcast, @empty, @val={@void}, {@ipv4={0x800, @generic={{0x5, 0x4, 0x0, 0x0, 0xffe3, 0x0, 0x0, 0x0, 0x0, 0x0, @loopback, @multicast2}}}}}}, 0x26) write$binfmt_misc(r1, &(0x7f0000000140)=ANY=[], 0x1000000c8) ioctl$EXT4_IOC_ALLOC_DA_BLKS(0xffffffffffffffff, 0x660c) splice(r0, 0x0, r2, 0x0, 0x10005, 0x0) [ 217.420211][ T8898] ================================================================== [ 217.420211][ T8898] BUG: KASAN: vmalloc-out-of-bounds in bitfill_aligned+0x34a/0x400 [ 217.420211][ T8898] Write of size 8 at addr ffffc90009a81000 by task syz-executor.3/8898 [ 217.420211][ T8898] [ 217.420211][ T8898] CPU: 1 PID: 8898 Comm: syz-executor.3 Not tainted 5.8.0-rc6-syzkaller #0 [ 217.420211][ T8898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 217.420211][ T8898] Call Trace: [ 217.420211][ T8898] dump_stack+0x18f/0x20d [ 217.420211][ T8898] ? bitfill_aligned+0x34a/0x400 [ 217.420211][ T8898] ? bitfill_aligned+0x34a/0x400 [ 217.420211][ T8898] print_address_description.constprop.0.cold+0x5/0x436 [ 217.420211][ T8898] ? mutex_lock_io_nested+0xf60/0xf60 [ 217.420211][ T8898] ? find_held_lock+0x2d/0x110 [ 217.420211][ T8898] ? lockdep_hardirqs_off+0x66/0xa0 [ 217.420211][ T8898] ? vprintk_func+0x97/0x1a6 [ 217.420211][ T8898] ? bitfill_aligned+0x34a/0x400 [ 217.420211][ T8898] kasan_report.cold+0x1f/0x37 [ 217.420211][ T8898] ? wait_for_completion+0x201/0x260 [ 217.420211][ T8898] ? bitfill_aligned+0x34a/0x400 [ 217.420211][ T8898] bitfill_aligned+0x34a/0x400 [ 217.420211][ T8898] sys_fillrect+0x408/0x7a0 [ 217.420211][ T8898] ? sys_fillrect+0x7a0/0x7a0 [ 217.420211][ T8898] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 217.420211][ T8898] bit_clear_margins+0x2d5/0x4a0 [ 217.420211][ T8898] ? bit_bmove+0x210/0x210 [ 217.420211][ T8898] ? fb_get_color_depth+0x11a/0x240 [ 217.420211][ T8898] fbcon_clear_margins+0x1d5/0x230 [ 217.420211][ T8898] fbcon_switch+0xb6e/0x16c0 [ 217.420211][ T8898] ? fbcon_scroll+0x3600/0x3600 [ 217.420211][ T8898] ? fbcon_cursor+0x52b/0x650 [ 217.420211][ T8898] ? kmalloc_array.constprop.0+0x20/0x20 [ 217.420211][ T8898] ? is_console_locked+0x5/0x10 [ 217.420211][ T8898] ? fbcon_set_origin+0x26/0x50 [ 217.420211][ T8898] redraw_screen+0x2ae/0x770 [ 217.420211][ T8898] ? vc_init+0x440/0x440 [ 217.420211][ T8898] ? fb_get_color_depth+0x11a/0x240 [ 217.420211][ T8898] ? fbcon_set_palette+0x3a8/0x490 [ 217.420211][ T8898] fbcon_modechanged+0x575/0x710 [ 217.420211][ T8898] fbcon_update_vcs+0x3a/0x50 [ 217.420211][ T8898] fb_set_var+0xae8/0xd60 [ 217.420211][ T8898] ? fb_blank+0x190/0x190 [ 217.420211][ T8898] ? lock_release+0x8d0/0x8d0 [ 217.420211][ T8898] ? lock_is_held_type+0xb0/0xe0 [ 217.420211][ T8898] ? do_fb_ioctl+0x2f2/0x6c0 [ 217.420211][ T8898] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 217.420211][ T8898] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 217.420211][ T8898] ? trace_hardirqs_on+0x5f/0x220 [ 217.420211][ T8898] do_fb_ioctl+0x33f/0x6c0 [ 217.420211][ T8898] ? fb_set_suspend+0x1a0/0x1a0 [ 217.420211][ T8898] ? tomoyo_execute_permission+0x470/0x470 [ 217.420211][ T8898] ? lock_is_held_type+0xb0/0xe0 [ 217.420211][ T8898] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 217.420211][ T8898] ? do_vfs_ioctl+0x27d/0x1090 [ 217.420211][ T8898] ? __fget_files+0x294/0x400 [ 217.420211][ T8898] fb_ioctl+0xdd/0x130 [ 217.420211][ T8898] ? do_fb_ioctl+0x6c0/0x6c0 [ 217.420211][ T8898] ksys_ioctl+0x11a/0x180 [ 217.420211][ T8898] __x64_sys_ioctl+0x6f/0xb0 [ 217.420211][ T8898] ? lockdep_hardirqs_on+0x6a/0xe0 [ 217.420211][ T8898] do_syscall_64+0x60/0xe0 [ 217.420211][ T8898] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 217.420211][ T8898] RIP: 0033:0x45c049 [ 217.420211][ T8898] Code: Bad RIP value. [ 217.420211][ T8898] RSP: 002b:00007f61c8c8bc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 217.420211][ T8898] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049 [ 217.420211][ T8898] RDX: 0000000020000200 RSI: 0000000000004601 RDI: 0000000000000003 [ 217.420211][ T8898] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 217.420211][ T8898] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00 [ 217.420211][ T8898] R13: 00007ffd6703908f R14: 00007f61c8c6c000 R15: 0000000000000003 [ 217.420211][ T8898] [ 217.420211][ T8898] [ 217.420211][ T8898] Memory state around the buggy address: [ 217.420211][ T8898] ffffc90009a80f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 217.420211][ T8898] ffffc90009a80f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 217.420211][ T8898] >ffffc90009a81000: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 217.420211][ T8898] ^ [ 217.420211][ T8898] ffffc90009a81080: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 217.420211][ T8898] ffffc90009a81100: f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 f9 [ 217.420211][ T8898] ================================================================== [ 217.420211][ T8898] Disabling lock debugging due to kernel taint [ 217.464416][ T8898] Kernel panic - not syncing: panic_on_warn set ... [ 217.464512][ T8898] CPU: 1 PID: 8898 Comm: syz-executor.3 Tainted: G B 5.8.0-rc6-syzkaller #0 [ 217.464518][ T8898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS rel-1.12.0-59-gc9ba5276e321-prebuilt.qemu.org 04/01/2014 [ 217.464553][ T8898] Call Trace: [ 217.464664][ T8898] dump_stack+0x18f/0x20d [ 217.464676][ T8898] ? bitfill_aligned+0x310/0x400 [ 217.464889][ T8898] panic+0x2e3/0x75c [ 217.464899][ T8898] ? __warn_printk+0xf3/0xf3 [ 217.464913][ T8898] ? preempt_schedule_common+0x59/0xc0 [ 217.464922][ T8898] ? bitfill_aligned+0x34a/0x400 [ 217.465120][ T8898] ? preempt_schedule_thunk+0x16/0x18 [ 217.465129][ T8898] ? trace_hardirqs_on+0x55/0x220 [ 217.465138][ T8898] ? bitfill_aligned+0x34a/0x400 [ 217.465146][ T8898] ? bitfill_aligned+0x34a/0x400 [ 217.465264][ T8898] end_report+0x4d/0x53 [ 217.465278][ T8898] kasan_report.cold+0xd/0x37 [ 217.465295][ T8898] ? wait_for_completion+0x201/0x260 [ 217.465309][ T8898] ? bitfill_aligned+0x34a/0x400 [ 217.465326][ T8898] bitfill_aligned+0x34a/0x400 [ 217.465343][ T8898] sys_fillrect+0x408/0x7a0 [ 217.465358][ T8898] ? sys_fillrect+0x7a0/0x7a0 [ 217.465377][ T8898] drm_fb_helper_sys_fillrect+0x1e/0x190 [ 217.465391][ T8898] bit_clear_margins+0x2d5/0x4a0 [ 217.465400][ T8898] ? bit_bmove+0x210/0x210 [ 217.465411][ T8898] ? fb_get_color_depth+0x11a/0x240 [ 217.465420][ T8898] fbcon_clear_margins+0x1d5/0x230 [ 217.465429][ T8898] fbcon_switch+0xb6e/0x16c0 [ 217.465439][ T8898] ? fbcon_scroll+0x3600/0x3600 [ 217.465456][ T8898] ? fbcon_cursor+0x52b/0x650 [ 217.465468][ T8898] ? kmalloc_array.constprop.0+0x20/0x20 [ 217.465479][ T8898] ? is_console_locked+0x5/0x10 [ 217.465566][ T8898] ? fbcon_set_origin+0x26/0x50 [ 217.465578][ T8898] redraw_screen+0x2ae/0x770 [ 217.465588][ T8898] ? vc_init+0x440/0x440 [ 217.465596][ T8898] ? fb_get_color_depth+0x11a/0x240 [ 217.465605][ T8898] ? fbcon_set_palette+0x3a8/0x490 [ 217.465614][ T8898] fbcon_modechanged+0x575/0x710 [ 217.465623][ T8898] fbcon_update_vcs+0x3a/0x50 [ 217.465632][ T8898] fb_set_var+0xae8/0xd60 [ 217.465642][ T8898] ? fb_blank+0x190/0x190 [ 217.465654][ T8898] ? lock_release+0x8d0/0x8d0 [ 217.465664][ T8898] ? lock_is_held_type+0xb0/0xe0 [ 217.465675][ T8898] ? do_fb_ioctl+0x2f2/0x6c0 [ 217.465691][ T8898] ? _raw_spin_unlock_irqrestore+0x62/0xe0 [ 217.465700][ T8898] ? lockdep_hardirqs_on_prepare+0x3a2/0x590 [ 217.465707][ T8898] ? trace_hardirqs_on+0x5f/0x220 [ 217.465717][ T8898] do_fb_ioctl+0x33f/0x6c0 [ 217.465726][ T8898] ? fb_set_suspend+0x1a0/0x1a0 [ 217.465735][ T8898] ? tomoyo_execute_permission+0x470/0x470 [ 217.465745][ T8898] ? lock_is_held_type+0xb0/0xe0 [ 217.465756][ T8898] ? __sanitizer_cov_trace_switch+0x45/0x70 [ 217.465764][ T8898] ? do_vfs_ioctl+0x27d/0x1090 [ 217.465776][ T8898] ? __fget_files+0x294/0x400 [ 217.465785][ T8898] fb_ioctl+0xdd/0x130 [ 217.465793][ T8898] ? do_fb_ioctl+0x6c0/0x6c0 [ 217.465800][ T8898] ksys_ioctl+0x11a/0x180 [ 217.465808][ T8898] __x64_sys_ioctl+0x6f/0xb0 [ 217.465815][ T8898] ? lockdep_hardirqs_on+0x6a/0xe0 [ 217.465823][ T8898] do_syscall_64+0x60/0xe0 [ 217.465832][ T8898] entry_SYSCALL_64_after_hwframe+0x44/0xa9 [ 217.465839][ T8898] RIP: 0033:0x45c049 [ 217.465842][ T8898] Code: Bad RIP value. [ 217.465846][ T8898] RSP: 002b:00007f61c8c8bc88 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 217.465854][ T8898] RAX: ffffffffffffffda RBX: 00000000006fb3c0 RCX: 000000000045c049 [ 217.465859][ T8898] RDX: 0000000020000200 RSI: 0000000000004601 RDI: 0000000000000003 [ 217.465863][ T8898] RBP: 00000000004a906e R08: 0000000000000000 R09: 0000000000000000 [ 217.465868][ T8898] R10: 0000000000000000 R11: 0000000000000246 R12: 000000000074bf00 [ 217.465872][ T8898] R13: 00007ffd6703908f R14: 00007f61c8c6c000 R15: 0000000000000003 [ 217.469858][ T8898] Kernel Offset: disabled [ 217.469858][ T8898] Rebooting in 86400 seconds..